ct logo wslogan

4 minutes reading time (723 words)

Your Router Can Host Some Pretty Nasty Malware

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab have discovered the malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot, and other router-based malware and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system; managing to do so without crashing the host system, a feat not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances such trying to perform drive-by downloads, or inundating users with advertisements. Many attacks make use of cross-site request forgery attacks where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords are a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at i-medIT are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 630-549-6199.



Already Registered? Login Here
No comments made yet. Be the first to submit a comment

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Google Business Computing Cloud Hackers Backup Microsoft Malware Innovation Internet Tech Term Email Android Mobile Devices Data Network Security Cybercrime Small Business VoIP Windows Business Data Backup Efficiency Software Ransomware Smartphones Cloud Computing Hardware Browser Smartphone Internet of Things Computers Business Management How To Cybersecurity User Tips Communication Computer Automation Managed IT Services Business Continuity Artificial Intelligence Productivity Mobile Device Management Money Router Law Enforcement Chrome Hosted Solutions Social Engineering Network Collaboration Communications Data Recovery Upgrade App Windows 10 Save Money Bring Your Own Device Data Security Vulnerability Two-factor Authentication Connectivity Safety Gadgets Bandwidth Operating System Phishing Outsourced IT Saving Money Office 365 Social Media Telephone Systems BDR Server Data Breach Spam Managed IT Services Disaster Recovery Data Protection Word Alert IT Support Networking Password Paperless Office Cleaning Identity Theft Passwords Remote Monitoring Business Intelligence Sports Managed IT IT Management Gmail Windows 7 Data storage OneNote YouTube Update IT Plan Windows 10 Infrastructure Physical Security Applications Productivity Recovery Government Wi-Fi Private Cloud Virtualization The Internet of Things CES Google Drive Unsupported Software IT Services Downtime VPN Microsoft Office Redundancy Apps Public Cloud Content Management Facebook Avoiding Downtime Comparison Spam Blocking Internet Exlporer Miscellaneous Website Blockchain BYOD Quick Tips Data Storage HIPAA HVAC Touchpad iPhone Online Shopping Smart Tech Monitor PDF Meetings Wireless Technology Voice over Internet Protocol Office Conferencing Windows Server 2008 Hosted Computing Patch Management Internet exploMicrosoft eWaste Digital Signature Workplace Tips Virtual Assistant USB Black Market Samsung History Workers Cache Automobile Hacking Knowledge Marketing Human Resources Legal Enterprise Content Management Managed Service Provider Telephony Evernote IBM Machine Learning Relocation Emails Tech Support Credit Cards Inventory Scam Advertising Criminal HBO Millennials Encryption Telephone System Value Solid State Drive Botnet Wireless Internet Work/Life Balance Network Congestion Multi-Factor Security Staff Password Management Keyboard Settings Skype Wireless Charging Devices Supercomputer Data loss HaaS Entertainment Shadow IT Flash Fraud Access Control Outlook IT Consultant Frequently Asked Questions Workforce Accountants Big Data User Error Audit Travel Password Manager Wire Trending Mobile Device NIST Health Start Menu Cortana Thought Leadership Electronic Medical Records Budget Screen Mirroring Chromecast Holiday Amazon Authentication Humor Root Cause Analysis Google Docs Software Tips Uninterrupted Power Supply Going Green Excel Telecommuting Robot Computer Fan Business Mangement Smart Office Cryptocurrency Charger Tools Google Apps Reputation Cast Flexibility Servers Laptop Apple Netflix Sync Amazon Web Services Nanotechnology Hybrid Cloud Data Management NarrowBand webinar Office Tips Tip of the week Remote Work Practices End of Support FENG Recycling Document Management DDoS Specifications Safe Mode Computer Care Files Windows 10s Employer-Employee Relationship Addiction Hiring/Firing Customer Current Events Mobility Risk Management Worker Thank You Education Smart Technology Content Search Assessment Employer Employee Relationship Politics Rootkit Congratulations Computing Infrastructure Two Factor Authentication Information Technology Techology Audiobook How to Television Instant Messaging Troubleshooting Computer Accessories Best Practice Training Company Culture Webinar Transportation Public Computer CrashOverride WiFi Loyalty Experience Vendor Management Users IT Support Managing Stress Bluetooth IT solutions Benefits Books SaaS Remote Computing Video Games Music Twitter Virtual Reality Save Time Wireless Battery Firewall Emergency Scalability Wearable Technology Worker Commute